Re: dns-more than I ever wanted to know...
Thanks to everyone who responded to this. I'm working on synthesizing everything. I'm one step closer now.

Alex

On Sep 24, 2004, at 9:14 AM, mailing lists at MacTutor wrote:

> I've come across a ton of DNS tutorials on the web. Everything I've
> found so far is very lengthy. I need to set up a simple small
> office/home office network with DNS so that it resolves my inside
> network among the machines and hides it from the greater internet.
>
> I'm open to suggestions of a quick fix that won't take me a day and a
> half reading full time.
>
> Thanks,
>
> Alex

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Alexander Sendzimir (owner)                    802 863 5502
MacTutor: Apple Mac OS X Consulting            [EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: dns-more than I ever wanted to know...
> Steve,
>
> Thanks a bunch! This is a great help. I'm not clear on the use of
> allow-transfer. Reading the manpage for named.conf(5), I'm tempted to
> leave it out. But, I'm not fully understanding the use of it. The
> manpage says,
>
>     allow-transfer
>         Specifies which hosts are allowed to receive zone transfers from the
>         server. allow-transfer may also be specified in the zone statement,
>         in which case it overrides the options allow-transfer statement. If
>         not specified, the default is to allow transfers from all hosts.

You most likely don't need it. If you have 2 DNS servers, allow-transfer states which other servers are allowed to receive the DNS changes. This is likely not the case for you, so leave it out.

> I'm taking "which hosts are allowed to receive zone transfers from the
> server" to mean hosts on my local network and the server is the DNS
> server I'm setting up now. I don't want my zone information going out
> to the internet (my isp), but I do want to let it in (of course).

I'll try to clarify. Most of my domain's DNS info is hosted on a ``master'' server. This server is responsible for telling the Internet what IPs are for what servers. If you don't have a domain, then you will not have this set up.

Now, what happens if my master DNS server goes down for my domain? Well, I have a backup server (secondary) that contains the same zone files, so it as well knows about my domain. If I make a change on the master, for instance if I need to change the IP of my web server, I make the change on the master, and eventually that change gets replicated to the secondary. Allow-transfer is like an authorization for which IP addresses the master is allowed to send the updated DNS info to.

I expect you are wanting to use a ``caching-only'' type server now. If you have no domain to set up, then what is happening is your DNS server downloads DNS info from the Internet.

Client sends DNS request to your server... your server looks up the DNS info from the proper server on the Internet... DNS info is passed back to the client. Now your DNS server has those records cached, so lookups after that of those same domains are almost instantaneous.

You can play with BIND and set up your own domains, even if they are not registered. Using my example of the zones, you can create a phony one like 'internal.com'. No one on the Internet will know you are using it. If you want to do this, just edit named.conf as described, and create a zone file with some names for your PCs, ie:

    workstation   IN A   10.0.0.10   ; your computer
    gateway       IN A   10.0.0.1
    filesrv       IN A   10.0.0.20

Note that anything after ; is a comment. Now, once your PCs are pointing DNS at the new box, you will be able to ping your inside network by name, AND IP.

You got it right. Unless firewalled off, bind will listen by default on all interfaces, but point the clients to 10.0.0.1 as the DNS server.

Hope I was able to clarify not too badly. I'm very busy today, so I'm rushed to reply, so forgive any errors, omissions and/or bad clarification. If you have more questions, fire away.

Steve

> I failed to mention that the machine acting as DNS inside my network
> is/will be configured as a gateway. (QUESTION: I have vr0 and vr1. Does
> it matter which interface I face toward the internet?) Perhaps this
> doesn't matter as long as the DNS server is pointing to/resolving for
> the inside (local) network interface (10.0.0.1). Let me make this more
> clear. I have the following (typical?) small office setup:
>
>           ISP      <--- monopolists
>            |
>            |
>            |
>          (vr1)     <--- DHCP'd from ISP
>     ----------------------
>      FreeBSD 4.10 gateway
>     ----------------------
>          (vr0)     <--- 10.0.0.1
>            |           DNS,ipfw,natd,httpd
>            |
>            |
>     {... local network ...}
>
> So, all this just to clarify allow-transfer. :) My questions go deeper
> than DNS. But, I'm trying to figure out the rest myself.
>
> Thanks,
>
> Alex
>
> On Sep 24, 2004, at 9:57 AM, Steve Bertrand wrote:
>
>> ... and then add a record for a domain.
>>
>> zone "domain.com" {
>>         type master;
>>         file "domain.com.zone";
>>         allow-transfer { 192.168.0.3; };  // This is your secondary DNS
>>         allow-update { none; };
>> };
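Steve's explanation of allow-transfer, and the named.conf(5) rule Alex quoted (a zone-level statement overrides the options-level one; no statement at all lets every host pull the zone), as an added Python check that is not part of the thread: it evaluates a constructed named.conf excerpt (the domain.com stanza above plus a hypothetical internal.com zone, so that zone name, the options block and all function names are assumptions), reports which zones would hand their full contents to any host asking for a zone transfer, and shows the global allow-transfer { none; } that closes that gap without touching the domain.com stanza.

```python
import re

# Constructed named.conf excerpt (not from the thread verbatim): the zone stanza from
# Steve's reply plus a hypothetical internal.com zone with no allow-transfer of its own.
NAMED_CONF = """\
options {
    directory "/etc/namedb";
    forwarders { 142.77.2.36; 142.77.1.1; 142.77.1.5; };
};
zone "domain.com" {
    type master;
    file "domain.com.zone";
    allow-transfer { 192.168.0.3; };  // This is your secondary DNS
    allow-update { none; };
};
zone "internal.com" {
    type master;
    file "internal.com.zone";
};
"""

# A top-level options { ... }; or zone "name" { ... }; block, closed by "};" at line start.
BLOCK = re.compile(r'^(options|zone\s+"([^"]+)")\s*\{(.*?)^\};', re.S | re.M)
ACL = re.compile(r"allow-transfer\s*\{([^}]*)\}")

def transfer_policy(conf):
    """Effective allow-transfer list per zone, following the named.conf(5) rule
    quoted in the thread: a zone-level statement overrides the one in options,
    and no statement anywhere means all hosts may transfer."""
    conf = re.sub(r"//.*", "", conf)                 # drop C++-style comments
    options_acl, zones = None, {}
    for head, name, body in BLOCK.findall(conf):
        m = ACL.search(body)
        acl = m.group(1).replace(";", " ").split() if m else None
        if head == "options":
            options_acl = acl
        else:
            zones[name] = acl
    fallback = options_acl if options_acl is not None else ["any"]   # "any" is BIND's all-hosts keyword
    return {name: (acl if acl is not None else fallback) for name, acl in zones.items()}

def open_zones(conf):
    """Zones whose full contents any host may copy with a zone transfer."""
    return sorted(z for z, acl in transfer_policy(conf).items() if "any" in acl)

def harden(conf):
    """Add a global allow-transfer { none; } so zones without their own statement
    refuse transfers; zone-level statements (like domain.com's) still override it."""
    return conf.replace("options {", "options {\n    allow-transfer { none; };", 1)
```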
Re: dns-more than I ever wanted to know...
mailing lists at MacTutor wrote:
> I've come across a ton of DNS tutorials on the web. Everything I've
> found so far is very lengthy. I need to set up a simple small
> office/home office network with DNS so that it resolves my inside
> network among the machines and hides it from the greater internet.
>
> I'm open to suggestions of a quick fix that won't take me a day and a
> half reading full time.

Have you already read this one?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html

Simon
Re: dns-more than I ever wanted to know...
Steve,

Thanks a bunch! This is a great help. I'm not clear on the use of allow-transfer. Reading the manpage for named.conf(5), I'm tempted to leave it out. But, I'm not fully understanding the use of it. The manpage says,

    allow-transfer
        Specifies which hosts are allowed to receive zone transfers from the
        server. allow-transfer may also be specified in the zone statement,
        in which case it overrides the options allow-transfer statement. If
        not specified, the default is to allow transfers from all hosts.

I'm taking "which hosts are allowed to receive zone transfers from the server" to mean hosts on my local network and the server is the DNS server I'm setting up now. I don't want my zone information going out to the internet (my isp), but I do want to let it in (of course).

I failed to mention that the machine acting as DNS inside my network is/will be configured as a gateway. (QUESTION: I have vr0 and vr1. Does it matter which interface I face toward the internet?) Perhaps this doesn't matter as long as the DNS server is pointing to/resolving for the inside (local) network interface (10.0.0.1). Let me make this more clear. I have the following (typical?) small office setup:

          ISP      <--- monopolists
           |
           |
           |
         (vr1)     <--- DHCP'd from ISP
    ----------------------
     FreeBSD 4.10 gateway
    ----------------------
         (vr0)     <--- 10.0.0.1
           |           DNS,ipfw,natd,httpd
           |
           |
    {... local network ...}

So, all this just to clarify allow-transfer. :) My questions go deeper than DNS. But, I'm trying to figure out the rest myself.

Thanks,

Alex

On Sep 24, 2004, at 9:57 AM, Steve Bertrand wrote:

> ... and then add a record for a domain.
>
> zone "domain.com" {
>         type master;
>         file "domain.com.zone";
>         allow-transfer { 192.168.0.3; };  // This is your secondary DNS
>         allow-update { none; };
> };
Re: dns-more than I ever wanted to know...
> I've come across a ton of DNS tutorials on the web. Everything I've
> found so far is very lengthy. I need to set up a simple small
> office/home office network with DNS so that it resolves my inside
> network among the machines and hides it from the greater internet.
>
> I'm open to suggestions of a quick fix that won't take me a day and a
> half reading full time.

# cd /etc/namedb
# chmod 744 make-localhost
# ./make-localhost
# ee named.conf

Change or add the following:

forwarders { 142.77.2.36; 142.77.1.1; 142.77.1.5; };

... and then add a record for a domain.

zone "domain.com" {
        type master;
        file "domain.com.zone";
        allow-transfer { 192.168.0.3; };  // This is your secondary DNS
        allow-update { none; };
};

... Now you have to create a zone file:

# ee domain.com.zone

--- start zone file ---
$TTL 360
domain.com.   IN  SOA  ns1.domain.com. admin.domain.com. (
                        2004090801  ; Serial
                        7200        ; Refresh
                        3600        ; Retry every hour
                        1728000     ; Expire every 20 days
                        172800 )    ; Minimum 2 days
;
; Set the name servers to whatever was used when registered
              IN  NS   ns1.domain.com.
              IN  NS   ns2.domain.com.

@             IN  A    x.x.x.x

; Set the Mail Exchange record
@             IN  MX   10 mail.domain.com.
@             IN  MX   20 mail2.domain.com.

; Host records
; Core
ns1           IN  A    x.x.x.x
ns2           IN  A    x.x.x.x
www           IN  A    x.x.x.x
--- end zone file ---

... now:

# chown bind:bind *
# /usr/sbin/named -u bind -g bind

should get you resolving for your domain, as well as for external domains.

To start up the daemon at startup, add the following to /etc/rc.conf:

# ee /etc/rc.conf

named_enable="YES"
named_program="/usr/sbin/named"
named_flags="-u bind -g bind"

... all off the top of my head, so forgive me if I left something out.

If you don't have a domain internally and you want to resolve only external names, skip adding the domain entry and the zone file pieces of this email.

Let me know if I missed something or it doesn't work as expected.

HTH,

Steve

> Thanks,
>
> Alex
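Steve's zone file, as an added Python linter that is not part of his post: it parses a constructed copy of the file above (x.x.x.x replaced by documentation addresses; the function names are mine) and reports what is worth fixing before named loads it: record types it cannot recognise, which is how a missing space after A shows up, NS and MX targets with no A record in the zone, and a serial not in YYYYMMDDnn form.

```python
import re
# Constructed copy of the zone file from Steve's reply (x.x.x.x replaced with documentation addresses).
ZONE = """\
$TTL 360
domain.com. IN SOA ns1.domain.com. admin.domain.com. (
        2004090801 ; Serial
        7200       ; Refresh
        3600       ; Retry every hour
        1728000    ; Expire every 20 days
        172800 )   ; Minimum 2 days
        IN NS ns1.domain.com.
        IN NS ns2.domain.com.
@       IN A  192.0.2.1
@       IN MX 10 mail.domain.com.
@       IN MX 20 mail2.domain.com.
ns1     IN A  192.0.2.1
ns2     IN A  192.0.2.2
www     IN A  192.0.2.1
"""
def parse_zone(text, origin="domain.com."):
    # Returns a list of (owner, type, rdata tokens) for each record in a BIND master file.
    logical, buf = [], ""
    for ln in text.splitlines():
        ln = re.sub(r";.*", "", ln).rstrip()        # ';' starts a comment
        if ln.strip():
            buf = f"{buf} {ln}" if buf else ln      # join "( ... )" continuations
            if buf.count("(") == buf.count(")"):
                logical.append(buf.replace("(", " ").replace(")", " "))
                buf = ""
    recs, owner = [], "@"
    for ln in logical:
        if ln.startswith("$"): continue             # $TTL etc. carry no record
        toks = ln.split()
        if not ln[0].isspace():                     # blank owner field = previous owner
            owner = toks.pop(0)
        if toks[0] == "IN": toks.pop(0)
        name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        recs.append((name, toks[0], toks[1:]))
    return recs
def check_zone(text):
    # Lint checks worth running before named loads the zone.
    recs, problems = parse_zone(text), []
    have_a = {o for o, t, _ in recs if t == "A"}
    needs_a = {"NS": 0, "MX": 1}                    # rdata index that names a host
    for owner, rtype, rdata in recs:
        if rtype not in ("SOA", "A", *needs_a):
            problems.append(f"{owner}: unknown type {rtype!r} (missing space before the address?)")
        elif rtype in needs_a and rdata[needs_a[rtype]] not in have_a:
            problems.append(f"{rtype} target {rdata[needs_a[rtype]]} has no A record in the zone")
        elif rtype == "SOA" and not re.fullmatch(r"(19|20)\d{8}", rdata[2]):
            problems.append(f"SOA serial {rdata[2]} is not in YYYYMMDDnn form")
    return problems
```

On Steve's file as written, the only findings are the two MX targets (mail and mail2) that the zone names but never gives an address.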
Re: dns-more than I ever wanted to know...
On Sep 24, 2004, at 8:14 AM, mailing lists at MacTutor wrote:

> I've come across a ton of DNS tutorials on the web. Everything I've
> found so far is very lengthy. I need to set up a simple small
> office/home office network with DNS so that it resolves my inside
> network among the machines and hides it from the greater internet.
>
> I'm open to suggestions of a quick fix that won't take me a day and a
> half reading full time.

This is a bit fancier than a minimum setup as it integrates DHCP with your DNS, keeping both in sync:

http://ezine.daemonnews.org/200408/dnsdhcp.html

--
David Kelly N4HHE, [EMAIL PROTECTED]
Top-posters will not be shown the honor of a reply.